SHAH ALAM, Jan 12 — The recent leak of data on about 17.5 million Instagram users is not considered serious and poses limited real-world risk if users take basic security measures.
Data engineer and analyst Teoh Kong Seng said the incident does not indicate a major security weakness in Meta’s platform, describing it instead as a limited leak or system bug.
While the leak should be addressed, it does not constitute a major threat.
“Meta has strong security systems. If there were a major breach, the number of affected users would be much higher,” he told Media Selangor.
Instagram has over three billion monthly active users as of September last year.
Yesterday, it was reported that personal data from at least 17.5 million Instagram users has been leaked and shared on the dark web, raising serious concerns about user privacy and platform security.
Cybersecurity firm Malwarebytes said the leaked data may include usernames, full names, email addresses, phone numbers, and partial physical addresses.
No passwords were compromised, although experts warned that the compromised data can still be used for identity theft or financial fraud. The breach was first traced to a 2024 vulnerability in Instagram's API.
Teoh added that while leaked contact details could be used for spam or fraud, public awareness of scams has improved, with most users today being cautious about engaging with suspicious emails or calls.
Many also do not share full addresses on Instagram unless they operate business accounts, reducing the potential impact.
Nonetheless, he urged social media users to take precautions to ensure added data security.
“Users should change their passwords, enable two-factor authentication, and make sure they only reset passwords through official Instagram settings,” Teoh said.
He also encouraged users to limit the amount of personal information shared on social media, particularly phone numbers, unless necessary.
Meanwhile, Teoh said social media platforms must continue strengthening internal security controls and be transparent with users when incidents occur.
